ASD Essential 8 Assessment and Roadmap: 10-day Assessment

No set of mitigation strategies is a silver bullet in other words, there is no guaranteed mechanism to prevent all cyber security incidents. However, the ACSC recommended baseline strategies and controls makes it much harder for adversaries to compromise systems.

Implementing the Essential 8 controls, requires organisations to identify their assets and perform a risk assessment to identify the level of protection required from cyber threats, suitable to the environment.

Quorum’s Essential 8 Assessment guides prioritised and valuable remediations within a strategic roadmap, highlighting quick wins, and providing strategies to tackle more complex use-cases.

Strengthening security posture is a priority for all businesses. The Australian Cyber Security Centre (ACSC) has developed ‘Strategies to Mitigate Cyber Security Incidents’ as a baseline of eight essential mitigation strategies. Many Australian organisations who interact with Government, including agencies and non-profit are now required to comply with these ‘Essential 8’ strategies.

To develop and implement effective alignment to the Essential 8, a baseline first needs to established based on current cyber posture against the controls i.e. what controls are in place and how effective they are. If some or none of the strategies have been implemented, the roadmap developed will be in invaluable tool of how to get started.

Quorum’s Essential 8 Assessment provides guidance through an assessment process to prioritise the most valuable remediations within a strategic roadmap, enabling quick wins, and developing strategies to tackle more complex use-cases.

The 10-day assessment with a Quorum engineer will provide an evaluation of your environment to determine the applicability of a solution and to estimate the cost and timeline of implementation. As part of the assessment, our consultant will address elements such as: • Do you have clearly defined information security-related roles and responsibilities, including Board, senior management, governing bodies and individuals? • Do you maintain an information security capability commensurate with the extent of threats to your information assets? • Have you implemented controls to protect information assets commensurate with the criticality and sensitivity of those information assets? • Do you undertake systematic assurance regarding the effectiveness of those controls? • Do you have the ability to respond to information security incidents?

The assessment follows the following agenda: Stage 1: Establish a baseline by meeting with key stakeholders to determine what controls are in pace and how effective they are. Gather security assessments data using automated tools and identify key dependencies. Stage 2: Utilise stakeholder knowledge and capability to determine quick wins in improving security posture and prioritise critical initiatives for remediation. Stage 3: Construct house view of current security posture, with potential compliance gaps identified. Synthesise data into report of prioritised findings, recommendations and industry standard guidance.

This offer is designed to help organisations that need specific expertise and guidance on managing and remediating their security posture. This can specifically relate to customers who do not have the internal resources or skills to deliver a robust roadmap, and/or those who are looking for a security expert to partner with to ensure best practice is achieved. The assessment will help customers make the most of their Microsoft 365 investment by evaluating their current security posture and identifying areas for improvement. By conducting the assessment within your Microsoft 365 environment you gain valuable insights into the current security posture and optimisation opportunities. The roadmap will outline strategies and tactics that you can employ, upskill your team, and adopt that will complement and enhance your Microsoft 365 environment so you can be confident that you are achieving best practice.

At the completion of the assessment, you can expect to receive a report that provides insights into a future roadmap, with prioritised findings and remediation recommendations that align with industry best practice.